<div dir="ltr"><div>It seems that you are right.</div><div><br></div><div>ECP384 is Elliptic Curve DH (ECDH) group</div><div><a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites</a> <br></div><div><br></div><div><br></div><div>and for ECDH you need one of *ssl plugins (botan, wolfssl, openssl)</div><div><a href="https://wiki.strongswan.org/projects/strongswan/wiki/PluginList">https://wiki.strongswan.org/projects/strongswan/wiki/PluginList</a> </div><div>I think it depends on which library you have installed.</div><div><br></div><div>First link says "b w o", which means botan, wolf and open implement this group.<br></div><div> </div><div><br></div><div>>What other options are useful to enable for a general purpose install?</div><div>It depends. I use this (see config options)</div><a href="https://slackbuilds.org/repository/14.2/network/strongswan/">https://slackbuilds.org/repository/14.2/network/strongswan/</a> <br><div>and it works, at least for my install:)</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 17, 2019 at 3:19 AM Ben Greear <<a href="mailto:greearb@candelatech.com">greearb@candelatech.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
While googling for the error below, it seems that my problem is probably that I am not<br>
running ./configure --enable-openssl<br>
<br>
What other options are useful to enable for a general purpose install?<br>
<br>
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]<br>
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] peer didn't accept DH group MODP_3072, it requested ECP_384<br>
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1<br>
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1<br>
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] requested DH group ECP_384 not supported<br>
<br>
Thanks,<br>
Ben<br>
<br>
-- <br>
Ben Greear <<a href="mailto:greearb@candelatech.com" target="_blank">greearb@candelatech.com</a>><br>
Candela Technologies Inc <a href="http://www.candelatech.com" rel="noreferrer" target="_blank">http://www.candelatech.com</a><br>
<br>
</blockquote></div>